Before diving into details on some of the biggest data breaches in 2021, let’s first define what a “data breach” really is. Essentially, a data breach is when an unauthorized person gains access to confidential and sensitive information. Data breaches are often brought caused by security gaps in organizations or by rogue employees running away with confidential corporate or client data. In this age of digital revolution, there have never been more avenues for cybercriminals to explore and slip through.
Data breaches in 2021 have manifested quite a surprising outcome. In fact, there have been fewer victims this time around compared to the past few years. In 2020, there were over 300 million victims. This year, just over 100 million people were impacted. Compared to billions of people in 2016, a mere hundred million doesn’t sound too bad. However, this doesn’t remove the fact that the year isn’t over yet and people are still being affected by data breaches today.
Here is a list of some of the biggest data breaches in 2021:
1. AOL
AOL is a prime example of screening your employees thoroughly. Everybody can gain your trust, it’s just that not everyone deserves it. Jason Smathers, an employee of AOL, stole a list of 92 million AOL customer account “screen names” using his inside knowledge of AOL’s computer system. He then sold these names to Sean Dunaway who is not, in any way, related to AOL.
Dunaway was accused of using this list of names to promote his own internet gambling business—not to mention that he also sold the list to other spammers for a whopping $52,000. Dunaway also offered $100,000 to Smathers for an updated list of AOL’s customers. The two men now face a maximum sentence of five years in prison and a fine of $250,000.
According to AOL in a statement, they plan on “thoroughly reviewing and strengthening” their procedures after this incident—an incident that exposed 112 million records.
2. SocialArks
SocialArks is a social media management company that spearheads brand building, marketing, and social customer management in China’s foreign trade sector. Handling millions of users worldwide, SocialArks was and still is, an alluring target for cybercriminals. Recently, the company was a target of a data breach that exposed over 200 million social media users’ personal (and professional) data from Facebook, Instagram, and LinkedIn with an added bonus of celebrity and influencer profiles—all thanks to a faulty database.
SocialArks’ very own ElasticSearch contained the information of users all across these platforms. Safety Detectives employees found the affected server, hosted by Tencent, during a routine security check.
3. Volkswagen
In June 2021, Volkswagen reported a data breach that impacted over 3 million customers. The majority of the affected individuals are either current or potential buyers of Audi vehicles from Canada and the United States. Volkswagen said that a compilation of data for sales and marketing between 2014 and 2019 was exposed online between August 2019 and May 2021.
On the 10th of March, an unauthorized third party may have gained access to the information, Audi and Volkswagen reported. In this compilation, information that was leaked comprised of the first and last names, email addresses, mailing addresses, phone numbers, vehicle/s purchased, leased or inquired about.
4. T-Mobile
This past August, T-Mobile was, once again, victimized by a data breach. Personal details of over 50 million customers, including their social security numbers and birth dates, were exposed. Then, another batch of data was exposed—this time, their IMEI and IMSI numbers. This is quickly assumed to be an action to take control of victims’ phone lines.
As a response, T-Mobile notified the affected customers and offered two years of identity protection services as well as reminding them to regularly update passwords and PIN numbers so as to err on the side of caution. Unfortunately, this isn’t T-Mobile’s first rodeo with data breaches as the company was also affected by a smaller-scale breach in 2020.
5. Apple Inc. / BlueToad
1 million Apple iOS devices were leaked by hackers from the servers of a Florida-based digital publishing firm called BlueToad. The company develops digital distribution technologies and provides products such as custom iOS and Android apps that publishers can use to distribute their titles to millions of mobile users. More than 2,000 titles are published to iPad and iPhone apps digitally every month, thanks to the company.
However, a group of hackers claiming to be affiliated with Anonymous released a file containing 1 million Apple unique device identifiers (UDIDs) and device names. The hackers said that the leaked data was part of a database that included more than 12 million UDIDs—and it also included information such as cellphone numbers, addresses, and zip codes. These hackers claimed to have hacked an FBI agent’s laptop to get such information.
The FBI dismissed the claim and stated that the laptop has never touched the data released by the hackers. After this incident, Apple has started to maneuver outside of UDIDs.
What can we learn from these data breaches?
1. Keep information encrypted
Millions of companies around the world have trusted the web to hold their information. While it is the most convenient way to store data, it’s not always the most secure. If you’re simply sending confidential data and messages through simple email, you’re bound to experience a breach sooner or later. However, by encrypting sensitive information, you can protect the data you send, receive, and store online.
Encryption is a technology that conceals data using complex algorithms. Users who are protecting their data through encryption will receive a cipher key. This is a specialized key to unlock the data, so the material is readable again. Of course, only you and authorized parties should have access to this key, otherwise, it will defeat the purpose of encryption.
2. Increase your cybersecurity budget
Cybersecurity has become more a business issue than just a technological one. Today, cybersecurity is an expensive investment—but it has transformed to be a necessary one, after all, the cost of damage control after a data breach far exceeds the costs of ensuring your business is up-to-date with the latest security practices.
As tactics grow more and more complex and unpredictable, companies must boost their cybersecurity budget just as much as how they’re willing to invest in their company.
3. Control access to important data
Presumably, most of the data you store is your company’s bread-and-butter. It is what keeps your business going and growing. To have that seen by unauthorized personnel can prove to be fatal to your business. If big companies like Volkswagen and Apple were victims of data breaches, you can guarantee that your business can never be “secure enough” as well.
Controlling access to important data includes both physical and digital access to systems, data, and even rooms. All computers, devices, and should be protected with multiple security layers, while physical spaces should be locked and only be accessible by authorized personnel.
4. Improve screening for employees
Employees are the gears that ensure a business’s effectiveness. The key is to properly screen potential employees not just of their personal backgrounds, but also of their criminal backgrounds, drug tests, and even credit checks. As you may have noticed, it’s easier for people to penetrate systems when they’re inside the company, as seen in AOL’s past dilemma.
However, to make cybersecurity work, employees must be trained as well, so as to ensure that they are in sync with data breaches and security practices.